peach-e2e-browse

Warn

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes shell commands including nohup, lsof, kill -9, and node -e to manage browser processes, monitor network ports, and terminate lingering background daemons.
  • [CREDENTIALS_UNSAFE]: Explicitly accesses and utilizes a fixed Chrome user profile directory at $HOME/.chrome-beta-e2e-profile. Browser profile directories are sensitive locations that store user session cookies, authentication tokens, and history, making them a target for data exposure.
  • [REMOTE_CODE_EXECUTION]: Frequently uses agent-browser eval and playwright-cli eval to execute arbitrary JavaScript within the browser. This includes patterns in references/Flutter-웹앱-패턴.md that download remote JavaScript bundles (main.dart.js) to extract and execute internal API methods.
  • [REMOTE_CODE_EXECUTION]: Instructs the agent to dynamically generate a JavaScript file (/tmp/file-upload-intercept.mjs) and execute it using the node runtime to intercept browser events, representing a dynamic code generation and execution vector.
  • [EXTERNAL_DOWNLOADS]: Directs the agent to install external global packages like agent-browser and @playwright/cli using npm if they are missing from the environment.
  • [PROMPT_INJECTION]: The skill has a high surface area for indirect prompt injection. It ingests untrusted data from arbitrary web pages (via eval and snapshot) and possesses powerful capabilities such as shell execution and browser control.
      • Ingestion points: Web content read via agent-browser eval and snapshot (SKILL.md, references/SPA-프레임워크-입력패턴.md).
      • Boundary markers: Absent; there are no instructions to the agent to disregard instructions found within web content.
      • Capability inventory: Shell command execution (nohup, kill), browser manipulation (click, fill, eval), and local script generation/execution (node).
      • Sanitization: None; external content is processed directly for display or evaluation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 8, 2026, 04:09 PM